Indian Government issues warning about Locky Ransomware spreading via E-mail

The Indian government has issued an alert through Cyber Swachhta Kendra regarding the spread of a new ransomware named “Locky” through email attachments. Locky locks the important files on a system using an encryption algorithm. Once the files are locked, the attackers demand a ransom to unlock them.

According to the government, a group of hackers has sent more than 23 million emails as part of a campaign to spread this new ransomware. Ajay Kumar, the Electronics and IT Additional Secretary at ICERT (Indian Computer Emergency Response Team), has tweeted about the alert.

The emails carry common subject lines of the kind we normally receive from friends or acquaintances, such as “Photo”, “pictures”, “Scans”, “Images”, “documents” and “Please print”. The hackers have designed the emails carefully so that users will not find anything suspicious when opening them. The government advisory also stated that the subject texts may vary randomly.

These emails contain zipped files as attachments, which trick the affected computer into downloading the ransomware. The malicious program then encrypts all the important files on the affected system and demands a ransom of half a bitcoin to unlock them. Bitcoin has gained a lot of popularity in 2017 and surged up to 400% this year alone. Currently 1 bitcoin is worth approximately Rs. 3.1 lakh, so the 0.5 bitcoin the hackers are demanding is worth more than Rs. 1.5 lakhs as of today. Since cryptocurrencies like bitcoin enable secure and completely anonymous transactions, the cyber criminals are taking advantage of them to demand their ransom.

Locky Ransomware

The government has issued this advisory to notify the public about the spread of this new malware through email attachments. It has also asked users to be careful when opening emails from unknown senders. Organizations are advised to update their spam block lists and deploy anti-spam solutions. There was also a similar attack recently involving the Petya ransomware.
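The lure traits described above (the listed subject lines plus a zipped attachment) can be turned into a simple mail-triage check. The following Python is an added example, not code from the advisory or from Cyber Swachhta Kendra; the function names, verdict labels and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Subject lures quoted in the advisory (which notes subjects may vary randomly).
ADVISORY_SUBJECTS = {"photo", "pictures", "scans", "images", "documents", "please print"}
ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}


def zip_attachments(msg):
    """Return filenames of parts that are ZIP archives by name or MIME type."""
    found = []
    for part in msg.walk():
        name = part.get_filename()
        if name is None:          # body text or multipart container, not an attachment
            continue
        if name.lower().endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            found.append(name)
    return found


def triage(raw):
    """Classify one raw message as 'quarantine', 'review' or 'pass' (hypothetical labels)."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip().lower()
    zips = zip_attachments(msg)
    if zips and subject in ADVISORY_SUBJECTS:
        return "quarantine"       # both advisory traits present
    if zips:
        return "review"           # subjects vary, so a ZIP alone still merits a look
    return "pass"


def sample(subject, filename=None):
    """Build a constructed test message; the attachment bytes are inert filler."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.org", subject
    m.set_content("See attached.")
    if filename:
        subtype = "zip" if filename.lower().endswith(".zip") else "octet-stream"
        m.add_attachment(b"constructed filler", maintype="application",
                         subtype=subtype, filename=filename)
    return m.as_string()


if __name__ == "__main__":
    for subj, att in [("Scans", "IMG_0001.zip"), ("Quarterly invoice", "invoice.zip"),
                      ("Photo", None), ("Please print", "doc.pdf")]:
        print(f"{subj!r:22} {att!s:14} -> {triage(sample(subj, att))}")
```

Because the advisory says subjects vary, the subject list only raises confidence; the zipped attachment is the trait worth routing to review on its own.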

As per the government advisory, files on devices affected by Locky are encrypted and renamed to random numbers with the extension “[dot] diablo6” or “[dot] lukitus”. Once the computer is locked, the ransomware provides instructions to install the TOR browser and visit [dot] onion sites, where users are asked to pay a ransom of half a bitcoin, which has a current market price of 1.5 lakh rupees.

The experts have issued this warning about the spread of the new ransomware through “Cyber Swachhta Kendra”, which is an Indian government initiative for cyber security. This Botnet Cleaning and Malware Analysis Centre operates under the Ministry of Electronics and Information Technology (MeitY) to create a secure cyber space through advanced detection of botnets and other malware. The organization was started as part of the Digital India initiative to notify citizens in advance about new threats and to help them stay protected.